(19) Europäisches Patentamt / European Patent Office / Office européen des brevets

(11) EP 0 773 490 A1

(12) EUROPEAN PATENT APPLICATION

(43) Date of publication: 14.05.1997 Bulletin 1997/20

(21) Application number: 96308010.6

(22) Date of filing: 05.11.1996

(51) Int. Cl.: G06F 1/00

(84) Designated Contracting States: DE FR GB

(30) Priority: 07.11.1995 JP 289009/95
               07.11.1995 JP 289011/95

(71) Applicant: FUJITSU LIMITED, Kawasaki-shi, Kanagawa 211 (JP)

(72) Inventors:
• Utsumi, Kenichi, Nakahara-ku, Kawasaki-shi, Kanagawa 211 (JP)
• Kataoka, Satoshi, Nakahara-ku, Kawasaki-shi, Kanagawa 211 (JP)
• Murakami, Keiichi, Nakahara-ku, Kawasaki-shi, Kanagawa 211 (JP)
• Yoshioka, Makoto, Nakahara-ku, Kawasaki-shi, Kanagawa 211 (JP)

(74) Representative: Godsill, John Kenneth et al, Haseltine Lake & Co., Imperial House, 15-19 Kingsway, London WC2B 6UD (GB)
(54) Security system for protecting information stored in storage media 



(57) A security system for protecting information stored in portable storage media operates by checking identifiers assigned to each medium, system, and terminal. Medium IDs are identifiers written by manufacturers of the storage media. System IDs, or corporate IDs, are assigned to enterprise-wide computer systems each consisting of a host computer and terminals. Terminal IDs are affixed to the respective terminals. Data is stored in the media in encrypted form. The security system checks the validity of the medium ID (S22), system ID (S23) and terminal ID (S24) before allowing the user to perform any data access, thus protecting the contents from unauthorized access. The security system also writes permission data into each storage medium to manage the decryption of encrypted data stored therein. The permission data contains an encrypted key which is necessary for decrypting the data, and the key can be decoded only with a valid medium ID and unit ID, thus protecting the data in the medium against any attempt to decrypt it with unqualified equipment.
Description

The present invention relates to a security system for protecting information stored in storage media and, in a specific example, to a security system for protecting information stored in portable storage media.

The present invention also relates to a security sys- 
tem for protecting data stored in storage media by using 
cryptography. 

Today's mass storage device technologies allow a large amount of information to be stored in a handy storage medium, and new high-capacity media, such as magneto-optical (MO) disks, are used for delivering data and programs on an off-line basis. In business computer systems in which a plurality of terminals are connected to a host computer via communications networks, executive programs for the terminals, as well as data processed in daily jobs, are stored in those portable storage media and transported from headquarters to terminals or vice versa. Besides being capable of storing large-volume files, they are easy to carry, store and use.

In business activities, however, data security will be a serious concern because of the confidential nature of the contents of data files. Since there is always a risk that such important storage media might be lost or stolen in transit, password protection techniques are commonly used to protect information in the media from unauthorized access and to ensure reliable delivery. A password, or a uniquely defined identifier, is previously written into the storage media, and a user attempting access to the contents will be required to enter the correct password.

This conventional password protection is simple and easy to implement, but it should be noted that such a password is also a potential subject of theft and illegal use. Particularly in the case that data and a program for its retrieval are packaged in the same medium, the data will be exposed to more serious risks and threats, since any terminal equipment can be used for retrieving the data. Therefore, there has long been a demand for more reliable security systems to protect information in storage media from unauthorized access and to ensure safe delivery.

According to one aspect of the invention there is provided a security system for protecting data encrypted and stored in portable storage media by only permitting qualified terminals to retrieve and decode the encrypted data.

According to another aspect of the present invention, there is provided a security system for protecting data stored in a storage medium, this security system comprising an individual identifier, a terminal identifier and security control means.

The individual identifier may be an identifier previously written into the storage medium. The terminal identifier may be an identifier uniquely assigned to the terminal. The security control means then permits the terminal to make access to the data in the storage medium only when the individual identifier extracted from the storage medium and the terminal identifier extracted from the terminal are both valid.

According to a further aspect of the invention, there is provided another security system for protecting information stored in storage media, this security system comprising a storage medium and a security control unit, the storage medium being a portable medium for storing information and having a medium identifier uniquely assigned thereto; the security control unit is used for reading and writing the information in the storage medium and it also has a unit identifier uniquely assigned thereto.

The security control unit may comprise four elements, e.g. according to the following example. First private key generating means generates a private key based on the medium identifier extracted from the storage medium and the unit identifier, when the security control unit attempts to write data into the storage medium. First encrypting means produces permission data by encrypting a data encryption key with the private key generated by the first private key generating means, and it writes the permission data into the storage medium. Second encrypting means encrypts the data with the data encryption key, and writes the encrypted data into the storage medium. When the security control unit attempts to retrieve the encrypted data written in the storage medium, second private key generating means regenerates the private key based on the medium identifier extracted from the storage medium and the unit identifier. First decrypting means produces a data decryption key by decrypting the permission data extracted from the storage medium, with the private key regenerated by the second private key generating means. Second decrypting means decrypts the encrypted data extracted from the storage medium, with the data decryption key produced by the first decrypting means.

For a better understanding of the invention, and to show how the same may be carried into effect, reference will now be made, by way of example, to the accompanying drawings, in which:

FIG. 1 is a diagram showing the structure of a computer system employing a security system in a first embodiment of the present invention;

FIG. 2 is a flowchart showing a process of authorizing storage media;

FIG. 3 is a diagram illustrating an authorization table;

FIG. 4 is a diagram showing data recorded in a storage medium including security control information;

FIG. 5 is a flowchart showing a process of qualifying terminals;

FIG. 6 is a flowchart showing a process of writing data into a storage medium;

FIG. 7 is a flowchart showing a process of reading data from a storage medium;

FIG. 8 is a flowchart showing a process of installing a security control program to a terminal;

FIG. 9 is a diagram showing the structure of a security system in a second embodiment of the present invention;

FIGS. 10 (A) and 10 (B) are diagrams showing the structure of information recorded in a storage medium;

FIG. 11 is a flowchart showing a process of encrypting subject data;

FIG. 12 is a flowchart showing a process of creating permission data; and

FIG. 13 is a flowchart showing a process of decrypting stored data.

Two embodiments of the present invention will be 
described below with reference to the accompanying 
drawings. 

At the outset, a first embodiment will be described 
with reference to FIGS. 1 to 8. 

FIG. 1 shows the overall structure of a computer system employing a security system in the first embodiment of the present invention. In this business computing system to provide banking services, for example, a host computer 2 situated at headquarters 1 has a plurality of local terminals. Via data communication networks, the host computer 2 is connected to the company's branch offices 10, where a plurality of terminals are situated. The control of those local and remote terminals 11 is concentrated in the host computer 2, where an authorization table 3 provides information for qualifying system administrators and users.

Each terminal 11 communicates with the host computer 2 to perform business transactions, reading and writing data from/to a storage medium 5 through a drive unit 4. A security controller 12 controls access to the contents as well as supervising data encryption processes performed when data is written into the storage medium 5.

The storage medium 5 stores data and programs in encrypted form, along with some security control information described later on. Magneto-optical (MO) disks and other rewritable portable media are suitable for the storage medium 5. The drive unit 4 is a hardware device to write and read data in such a storage medium 5.

The following description will explain in detail about 
operation of the security system of the first embodiment. 

FIG. 2 is a flowchart showing a process of author- 
izing storage media. In the present embodiment, every 
storage medium 5 has to be initialized so as to contain 
some security information. The process takes the fol- 
lowing four steps. 

[S1] A unique medium identifier (ID) is written, or burned in a permanent manner, into a non-rewritable region of the storage medium 5 (e.g., an MO disk) with a laser beam. This step S1 is performed by the manufacturer of the storage medium 5 before shipment. The permanent medium ID makes it difficult to forge the storage medium 5.

[S2] Referring to the authorization table 3, the security controller 12 examines whether a correct administrator's password is entered or not. For example, when an operator in the headquarters 1 has inserted a new medium into the drive unit 4 of the terminal 11, the security controller 12 will request him/her to enter a user ID and a password. If the entered password is found in the authorization table 3 as that of an authorized administrator who has powers to initialize media, the process advances to the next step S3. Otherwise, the process is terminated.

[S3] Now that the operator is authorized, the security controller 12 determines a unique ID to identify the computer system in which the storage medium 5 can circulate. This enterprise-specific identifier is referred to as a system ID or corporate ID. For example, a corporate ID for "Bank AAA" is selected for this purpose.

[S4] The system ID (corporate ID) determined in step S3 is written into the storage medium 5, and other data areas for terminal IDs and encrypted data (described later) are then initialized.

Through the above-described process, the storage 
medium 5 has acquired a proper format as an "author- 
ized medium" for future use in branch offices in a specific 
corporation. 

FIG. 3 illustrates the authorization table 3 used in 
the present embodiment. Each entry of the authorization 
table 3 contains a user ID, user classification, a pass- 
word, and so forth, which are registered previously. User 
classification data qualifies the users by classifying 
them into system administrators, ordinary users, and 
others, for defining their job responsibilities and access 
rights to stored data. In step S2 in the flowchart of FIG. 
2, the security system refers to this authorization table 
3 to retrieve user qualification data and a registered 
password corresponding to the user ID entered by the 
user. If the retrieved user qualification data shows that 
the user is an administrator, and if the entered password 
agrees with the registered one, the user will be allowed 
to proceed to steps S3 and S4 for creating authorized 
storage media. 

FIG. 4 shows exemplary data recorded in the stor- 
age medium, including security control information. The 
data includes the following information, for example. 

• Medium ID 

• Corporate ID 

• Terminal ID 

• Encrypted data 

• Other data 

As previously explained, the medium ID is an identifier uniquely assigned by the manufacturer to each medium. The corporate ID is an identifier written by the company operating the computer system. The terminal ID is an optional identifier used to dedicate the storage medium to a specific terminal. This terminal ID provides a terminal having the designated terminal ID with the privilege to read and write that storage medium.

FIG. 5 is a flowchart showing a process to associate 
the storage medium to a specific terminal by giving the 
above-described terminal ID. The process takes the fol- 
lowing two steps. 

[S11] An administrator in a branch office determines an identifier of a specific terminal that is exclusively allowed to read and write the medium. Each terminal in the branch office is uniquely identified with its unit number, which can be used as a terminal ID. In step S11, the security system accepts the terminal ID determined by the administrator.

[S12] The terminal ID is written into the authorized storage medium to give an exclusive read/write access privilege to the terminal.

Through the above-described process, the authorized storage medium delivered from the headquarters 1 has acquired a terminal ID, so that its contents are accessible only to a specific terminal qualified by checking coincidence of the IDs. The corporate ID also serves for qualification of the computer system that handles the storage media.

FIG. 6 is a flowchart showing a process of writing data into the authorized storage medium. Assume that an operator in the headquarters 1 or one of the branch offices 10 is now attempting to write data into a storage medium 5. The process takes the following six steps.

[S21] The operator inserts the storage medium 5 into the drive unit 4 of one of the terminals 11.

[S22] In response to the insertion of the storage medium 5, the security controller 12 checks whether or not the storage medium 5 contains a medium ID by searching a predetermined read-only region. If a valid medium ID is found there, the process advances to the next step S23, since it has learned that the medium was produced by a legitimate manufacturer. If no valid medium ID is found, the process will be terminated, suspecting that the storage medium 5 is an illegal one.

[S23] The security controller 12 checks whether or not the storage medium 5 contains a corporate ID. If a valid corporate ID is found, the process advances to the next step S24, since it has learned that the storage medium 5 has been properly processed in the headquarters 1. If no valid corporate ID is found, the process will be terminated.

[S24] The security controller 12 checks whether the terminal has a valid access right or not. Specifically, it is examined whether or not the terminal ID in the security controller 12 or in the storage medium 5 agrees with the identifier of the terminal used. If the terminal has a valid access right, the process advances to the next step S25. If not, the process will be terminated.

[S25] The subject data is encrypted under a known data encryption algorithm such as the Data Encryption Standard (DES).

[S26] The encrypted data is written into the storage medium 5.

Through the above-described process, data can be written into the storage medium 5 only on the condition that the storage medium 5 has a correct medium ID and corporate ID and the terminal has a valid access right to the storage medium 5.

Next, a process to read out data encrypted in a storage medium will be described. FIG. 7 is a flowchart showing this data reading process in a situation where an operator in the headquarters 1 or one of the branch offices 10 is now attempting to retrieve data from the storage medium 5. The process takes the following eight steps.

[S31] The operator inserts the storage medium 5 into the drive unit 4 of one of the terminals 11.

[S32] In response to the insertion of the storage medium 5, the security controller 12 examines whether or not the storage medium 5 contains a medium ID by searching a predetermined read-only region. If a valid medium ID is found, the process advances to the next step S33, since it has learned that the medium has been produced by a legitimate manufacturer. If no valid medium ID is found, the process will be terminated, suspecting that the storage medium 5 is an illegal one.

[S33] The security controller 12 checks whether or not the storage medium 5 contains a corporate ID. If a valid corporate ID is found, the process advances to the next step S34, since it is learned that the storage medium 5 has been properly processed in the headquarters 1. If no valid corporate ID is found, the process will be terminated.

[S34] The security controller 12 checks whether the terminal has a valid access right or not. Specifically, it is examined whether or not the terminal ID in the security controller 12 or in the storage medium 5 agrees with the identifier of the terminal used. If the terminal has a valid access right, the process advances to step S36. If not, the process proceeds to step S35.

[S35] The lack of consistency of the terminal ID found in step S34 may be compensated for by a valid password of a system administrator in the headquarters 1. Step S35 tests whether such an administrator's password is entered or not. If the entered password is valid, the process proceeds to step S36. If no password is entered or the entered password is not valid, the process is terminated.

[S36] The data, which is stored in encrypted form, is read out from the storage medium 5.

[S37] The data is decoded, or decrypted.

[S38] The decoded data is stored in a local storage unit in the terminal.

The security controller 12 is actually implemented 
as a software program executed in each terminal, which 
is referred to as a security control program. The present 
invention provides protection for this important security 
control program. 

FIG. 8 is a flowchart showing a process of installing a security control program into a terminal. This process protects the security control program from being installed in or executed in non-authorized terminals, thus avoiding illegal access to the contents of the storage medium 5. The process takes the following four steps.

[S41] The administrator's password and corporate ID are written into a reserved area in the security control program. The program with this additional protection information will be used as a "master program" for later distribution.

[S42] Copies of the master program are distributed to the branch offices.

[S43] The delivered security control program is installed into every terminal in each branch office.

[S44] In each terminal, its unique terminal ID is written into another reserved area in the security control program stored in a local storage unit in the terminal.

Through the above-described process, the security control program is customized for exclusive use in that terminal; that is, the control program will not work even if it is copied and installed in other terminals. When started, the security control program compares its own terminal ID with the actual ID of the terminal and will abort itself if they do not agree with each other.

Once the security control program is installed and customized for each terminal, its future reinstallation is also restricted. Storage media used for reinstallation or program update must have a terminal ID registry that coincides with the actual terminal ID indicated by the terminal in use. If this comparison fails, the reinstallation of the security control program will be rejected.

The above-described first embodiment will be summarized as follows. The security system permits access to storage media (i.e. to read or write encrypted data stored therein) only when the storage media contain a valid medium ID, corporate ID, and terminal ID. The terminal ID allows a specific terminal to use the storage media and security control program in an exclusive manner. Any inconsistency detected in the medium ID, corporate ID, and terminal ID will terminate the processes for reading and writing data or installing the program, thus protecting the confidential information from illegal access, theft, and other risks and threats.
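The following Python program is an added illustration of the first embodiment's access decision (FIGS. 6 to 8: steps S22 to S24 for writing, S32 to S35 for reading, and the start-up self-check of the security control program); it is not code from the patent or from Fujitsu. The medium layout, the administrator table with salted PBKDF2 password hashes, and the names `Medium`, `SecurityController`, `is_administrator` and the sample IDs are assumptions made for the example; the patent only states that the entered password is looked up in the authorization table 3.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 50_000  # assumption: the patent does not say how passwords are stored


@dataclass
class Medium:
    """Security control information recorded on one storage medium (FIG. 4)."""
    medium_id: Optional[str]            # burned into the read-only region by the manufacturer (S1)
    corporate_id: Optional[str] = None  # written at headquarters during authorization (S4)
    terminal_id: Optional[str] = None   # written by the branch administrator (S12)


@dataclass
class AuthEntry:
    """One row of the authorization table 3 (FIG. 3): classification plus salted hash."""
    classification: str  # "administrator" or "user"
    salt: bytes
    digest: bytes


def register(table: Dict[str, AuthEntry], user_id: str, classification: str,
             password: str) -> None:
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    table[user_id] = AuthEntry(classification, salt, digest)


def is_administrator(table: Dict[str, AuthEntry], user_id: str, password: str) -> bool:
    """S2 / S35: user ID must be registered as an administrator and the password must match."""
    entry = table.get(user_id)
    if entry is None or entry.classification != "administrator":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), entry.salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, entry.digest)


class SecurityController:
    """Security controller 12, i.e. the security control program running in one terminal."""

    def __init__(self, corporate_id: str, program_terminal_id: str,
                 actual_terminal_id: str, table: Dict[str, AuthEntry]) -> None:
        # FIG. 8: the program carries the corporate ID (S41) and its terminal ID (S44);
        # at start-up it aborts if it was copied to a terminal with a different ID.
        if not hmac.compare_digest(program_terminal_id.encode(), actual_terminal_id.encode()):
            raise RuntimeError("security control program is not customized for this terminal")
        self.corporate_id = corporate_id
        self.terminal_id = actual_terminal_id
        self.table = table

    def check(self, medium: Medium, operation: str,
              credentials: Optional[Tuple[str, str]] = None) -> Tuple[bool, str]:
        """Return (allowed, reason) for a "read" or "write" attempt on the inserted medium."""
        # S22 / S32: a medium ID must be present in the read-only region.
        if not medium.medium_id:
            return False, "no medium ID: medium is not from a legitimate manufacturer"
        # S23 / S33: the corporate ID must be the one written at headquarters.
        if medium.corporate_id != self.corporate_id:
            return False, "corporate ID mismatch: medium was not authorized for this system"
        # S24 / S34: the terminal ID on the medium must name this terminal.
        if medium.terminal_id == self.terminal_id:
            return True, "terminal ID matches"
        # S35: for reads only, a headquarters administrator password compensates for
        # the terminal ID mismatch; the write process (FIG. 6) has no such override.
        if operation == "read" and credentials is not None \
                and is_administrator(self.table, *credentials):
            return True, "terminal ID mismatch overridden by administrator password"
        return False, "terminal ID mismatch"


if __name__ == "__main__":
    # Constructed sample data, not from the patent.
    table: Dict[str, AuthEntry] = {}
    register(table, "hq-admin", "administrator", "correct horse battery staple")
    register(table, "teller-07", "user", "hunter2")
    controller = SecurityController("BANK-AAA", "T-0042", "T-0042", table)
    own = Medium("MO-000123", "BANK-AAA", "T-0042")
    foreign = Medium("MO-000123", "BANK-AAA", "T-0099")
    print(controller.check(own, "write"))
    print(controller.check(foreign, "write", ("hq-admin", "correct horse battery staple")))
    print(controller.check(foreign, "read", ("hq-admin", "correct horse battery staple")))
    print(controller.check(foreign, "read", ("teller-07", "hunter2")))
```

Note the asymmetry the flowcharts specify: the administrator password only relaxes the terminal ID check for reading (S35), never for writing, and it never relaxes the medium ID or corporate ID checks. Note also that the medium ID test in S22/S32 is a presence check on the read-only region, and the corporate ID and terminal ID live in rewritable areas, so anyone able to write the medium can copy those two fields from an authorized medium; the confidentiality of the first embodiment therefore rests on the encryption step S25 and on the terminal-bound control program, not on the ID checks alone.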

Next, a second embodiment of the present invention will be described below with reference to FIGS. 9 to 13, which provides a reliable security system for protecting data encrypted and stored in portable storage media by permitting only qualified terminals to retrieve and decode the encrypted data.

FIG. 9 shows the structure of a security system in the second embodiment of the present invention. In FIG. 9, a storage medium 101 is a portable mass storage medium to store encrypted data along with some security control information including a unique medium ID and permission data. Magneto-optical (MO) disks are suitable for the storage medium 101.

A medium ID 121 is an identifier uniquely assigned to the storage medium 101, which is burned into a predetermined region in a non-rewritable manner with a laser beam, for example. This permanent medium ID makes it difficult to forge the storage medium 101. Permission data 122 is actually a data encryption key 106 encrypted with a private key. Encrypted data 123 is data encrypted with the data encryption key 106 through a data encryption algorithm such as the DES.

A data encoding unit 102 comprises first private key generating means 105, first encrypting means 107, and second encrypting means 108 to encrypt data and an encryption key.

The first private key generating means 105 generates a private key, based on the medium ID 121 extracted from the storage medium 101 and a unit ID 104. The unit ID 104 is a unique identifier of the computer system itself or that of a portable drive unit (e.g., an MO drive). While the former identifier is normally used as the unit ID 104, the latter may be useful in some situations such as system installation or maintenance, because it is possible to install programs, set up data, and modify data using the same drive unit and storage medium for different computer systems. The first encrypting means 107 encrypts the data encryption key 106 with the private key generated by the first private key generating means 105. The encrypted encryption key is written into the storage medium 101 as the aforementioned permission data 122. The second encrypting means 108 encrypts the data with the data encryption key 106 and writes the encrypted data into the storage medium 101 as the aforementioned encrypted data 123.

A data decoding unit 103 comprises second private key generating means 109, first decrypting means 110, and second decrypting means 112, to decrypt data out of the medium ID 121, permission data 122 and encrypted data 123.

The second private key generating means 109 generates a private key, based on the medium ID 121 extracted from the storage medium 101 and the unit ID 104. To obtain a data decryption key 111, the first decrypting means 110 decrypts the permission data 122 in the storage medium 101, using the private key generated by the second private key generating means 109. The second decrypting means 112 decrypts the encrypted data 123 with the data decryption key 111 generated by the first decrypting means 110.

FIGS. 10 (A) and 10 (B) show the structure of information recorded in the storage medium 101. As FIG. 10 (A) specifically shows, the information includes:

• Medium ID

• Corporate ID

• Permission data #1-#n

• Encrypted data #1-#n

As previously explained, the medium ID is an identifier uniquely burned into each medium with a laser beam or the like, which ID prevents the medium from being forged. The corporate ID is an identifier uniquely assigned to each company to distinguish their computer systems from each other. The permission data #1-#n and encrypted data #1-#n are prepared for a plurality of units (n units). When writing the same data set or installing the same program into a plurality of units, n sets of permission data should be stored in the storage medium 101. In this case, a plurality of permission data correspond to a single set of encrypted data.

FIG. 10(B) schematically shows the association between the permission data and unit IDs. As seen in FIG. 9, the permission data 122 derives from the unit ID 104 and medium ID 121, and therefore it will have different values for different unit IDs. FIG. 10(B) shows how the permission data #1, #2, #3, etc. correspond to the different unit IDs #1, #2, #3, etc.

Next, a process to generate the encrypted data 123 
will be described in detail with reference to FIG. 11. 

FIG. 11 is a flowchart showing a process of encrypt- 
ing storage data. The process takes the following four 
steps. 

[S51] Data is selected for encryption.

[S52] A data encryption key 106 is determined.

[S53] The second encrypting means 108 encrypts the selected data with the data encryption key 106.

[S54] The encrypted data 123 is stored into the storage medium 101.

Next, a process to generate the permission data 122 will be described in detail with reference to FIG. 12.

FIG. 12 is a flowchart showing a process of creating the permission data 122. The process takes the following six steps.

[S61] The first private key generating means 105 extracts the unit ID 104 from the data decoding unit 103.

[S62] The first private key generating means 105 extracts the medium ID 121 from the storage medium 101.

[S63] The first private key generating means 105 creates a private key from the unit ID 104 and medium ID 121 extracted in steps S61 and S62, respectively.

[S64] The first encrypting means 107 encrypts the data encryption key 106 with the private key to produce permission data 122.

[S65] The permission data 122 is stored into the storage medium 101.

[S66] It is tested whether all the available unit IDs have been processed or not. If all the unit IDs are finished, then the process ends. Otherwise, the process returns to step S61 for the next unit ID.

Lastly, a process to decrypt the stored data will be described below with reference to FIG. 13.

FIG. 13 is a flowchart showing a process of decrypting the encrypted data 123. The process takes the following six steps.

[S71] The second private key generating means 109 extracts the unit ID 104 of the data decoding unit 103.

[S72] The second private key generating means 109 extracts the medium ID 121 from the storage medium 101.

[S73] The second private key generating means 109 creates a private key from the unit ID 104 and medium ID 121 extracted in steps S71 and S72, respectively.

[S74] The first decrypting means 110 decrypts the permission data 122 with the private key to retrieve a data decryption key 111.

[S75] The second decrypting means 112 extracts the original data from the encrypted data 123 by decrypting it with the data decryption key 111.

[S76] It is tested whether all the available encrypted data have been processed or not. If all the data are finished, the process ends. Otherwise, the process returns to step S74 for the next data.

The above discussion about the second embodiment will be summarized as follows. According to the present embodiment, the security system encrypts both the original data and its permission data by using a unit ID, medium ID, and a data encryption key and stores them into the storage media. Only the units having relevant unit IDs can retrieve the original data, thus protecting the stored data from illegal access.
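The following Python program is an added illustration of the second embodiment's key handling (FIGS. 9, 11, 12 and 13, steps S51 to S76); it is not code from the patent or from Fujitsu. The patent names DES for the data and leaves the private key derivation unspecified; because DES is obsolete and absent from the Python standard library, the example stands in an HMAC-SHA256 derivation for the private key generating means 105/109 and a SHA-256 counter-mode keystream with an HMAC-SHA256 tag for both encrypting means. The function names and the sample medium ID, unit IDs and data are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import List

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for the DES step named in the patent (assumption)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. The tag lets a reader detect a key that does not fit."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext does not verify under this key")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def private_key(medium_id: bytes, unit_id: bytes) -> bytes:
    """Private key generating means 105/109: one key per (medium ID, unit ID) pair (assumption)."""
    return hmac.new(medium_id, b"EP0773490-permission|" + unit_id, hashlib.sha256).digest()


def encode_medium(medium_id: bytes, unit_ids: List[bytes], data: bytes) -> dict:
    """Data encoding unit 102: FIG. 11 (S51-S54), then FIG. 12 (S61-S66) once per unit ID."""
    dek = secrets.token_bytes(32)                              # S52: data encryption key 106
    encrypted_data = encrypt(dek, data)                        # S53/S54: second encrypting means 108
    permission = [encrypt(private_key(medium_id, uid), dek)    # S63/S64: first encrypting means 107
                  for uid in unit_ids]                         # FIG. 10(B): permission data #1..#n
    return {"medium_id": medium_id, "permission": permission, "encrypted_data": encrypted_data}


def decode_medium(medium: dict, unit_id: bytes) -> bytes:
    """Data decoding unit 103: FIG. 13 (S71-S75) with the reader's own unit ID."""
    key = private_key(medium["medium_id"], unit_id)            # S71-S73: regenerate the private key
    for perm in medium["permission"]:                          # try each permission data on the medium
        try:
            dek = decrypt(key, perm)                           # S74: first decrypting means 110
        except ValueError:
            continue                                           # this permission data is another unit's
        return decrypt(dek, medium["encrypted_data"])          # S75: second decrypting means 112
    raise PermissionError("no permission data on this medium fits unit %r" % unit_id)


if __name__ == "__main__":
    # Constructed sample values, not from the patent.
    medium = encode_medium(b"MO-000123", [b"UNIT-0001", b"UNIT-0002"], b"branch 10 program image")
    print(decode_medium(medium, b"UNIT-0001"))
    try:
        decode_medium(medium, b"UNIT-0003")
    except PermissionError as exc:
        print(exc)
```

Two points a practitioner should take from running it. First, as the patent describes the scheme, a unit whose ID was not provisioned decrypts the permission data with the wrong private key and obtains a garbage data decryption key, so S75 produces garbage rather than an error; the tag in the example makes that failure explicit and also lets the reader pick out its own permission data from the list in FIG. 10(B). Because the private key depends on the medium ID, permission data and ciphertext copied onto a medium with a different burned-in ID do not verify either. Second, the unit ID is an identifier read from the computer or drive, not a secret: any software that can present the same unit ID regenerates the same private key, so the scheme binds data to equipment rather than authenticating a user.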

The foregoing is considered as illustrative only of the principles of the present invention. Further, since numerous modifications and changes will readily occur to those skilled in the art, it is not desired to limit the invention to the exact construction and applications shown and described, and accordingly, all suitable modifications and equivalents may be regarded as falling within the scope of the invention.
Claims

1. A security system for protecting data stored in a storage medium, the security system comprising:

an individual identifier previously written into the storage medium;

a terminal identifier uniquely assigned to the terminal; and

security control means for permitting the terminal to make access to the data in the storage medium only when said individual identifier extracted from said storage medium and said terminal identifier extracted from the terminal are both valid.

2. A security system according to claim 1, wherein said security control means is disposed in the terminal.

3. A security system according to claim 1, wherein said security control means is disposed in a security control program of the terminal.

4. A security system according to claim 1, 2 or 3, wherein the data is encrypted or decrypted when said individual identifier and said terminal identifier are both valid.

5. A security system according to claim 4, wherein the data is encrypted or decrypted when said individual identifier, said terminal identifier, and a user identifier are all valid.

6. A security system according to any one of claims 1 to 5, wherein said individual identifier is a medium identifier uniquely assigned to the storage medium.

7. A security system according to any one of claims 1 
to 5, wherein said individual identifier is a system 
identifier uniquely assigned to the computer sys- 
tem. 

8. A security system according to any one of the pre- 
ceding claims, which permits a security control pro- 
gram to be installed into the terminal only when a 
medium identifier uniquely assigned to the storage 
medium and said terminal identifier extracted from 
the terminal are both valid. 

9. A security system for protecting information stored in a storage medium, comprising:

a portable storage medium for storing information, having a medium identifier uniquely assigned thereto; and

a computer unit, having a unit identifier, for reading and writing the information in said storage medium, comprising

first encrypting means for writing permission data into said storage medium in encrypted form, the permission data being produced through encryption by using the medium identifier extracted from said storage medium, the unit identifier, and a data encryption key,

second encrypting means for encrypting data with the data encryption key and writing encrypted data into the storage medium,

first decrypting means for, when said computer unit attempts to retrieve the encrypted data written in said storage medium, producing a data decryption key through decryption by using the permission data and the medium identifier extracted from said storage medium, and the unit identifier, and

second decrypting means for decrypting the encrypted data extracted from said storage medium with the data decryption key produced by said first decrypting means.

10. A security system for protecting information stored in a storage medium, comprising:

a portable storage medium for storing information, having a medium identifier uniquely assigned thereto; and

a computer unit, having a unit identifier, for reading and writing the information in said storage medium, comprising

first private key generating means for generating a private key based on the medium identifier extracted from said storage medium and the unit identifier, when said computer unit attempts to write data into said storage medium,

first encrypting means for producing permission data by encrypting a data encryption key with the private key generated by said first private key generating means, and for writing the permission data into said storage medium,

second encrypting means for encrypting the data with the data encryption key, and for writing encrypted data into the storage medium,

second private key generating means for regenerating the private key based on the medium identifier extracted from said storage medium and the unit identifier, when said computer unit attempts to retrieve the encrypted data written in said storage medium,

first decrypting means for producing a data decryption key by decrypting the permission data extracted from said storage medium, with the private key regenerated by said second private key generating means, and

second decrypting means for decrypting the encrypted data extracted from said storage medium with the data decryption key produced by said first decrypting means.

11. A security system according to claim 9, wherein said first encrypting means produces a plurality of permission data corresponding to different unit IDs assigned to different security control units and writes the plurality of permission data into said storage medium.

12. A security system according to claim 9, wherein said first encrypting means produces a plurality of permission data corresponding to different data to be encrypted and writes the plurality of permission data into said storage medium.

13. A security system according to any one of claims 9 to 12, wherein the unit identifier is uniquely assigned to said computer unit.

14. A security system according to any one of claims 9 to 12, wherein the unit identifier is uniquely assigned to a portable drive unit used for reading and writing said storage medium.